How to configure LUM on a new SUSE workstation

First, we'll need a SUSE Open Enterprise Server and a Novell Linux Desktop. How to install this server and workstation is out of the scope of this document. Refer to the installation instructions in the documentation. After both machines are set up, you are ready to install the Linux User Management (LUM) components onto the workstation.

From the Open Enterprise Server (OES) CD 3, install NLDAPsdk and NLDAPbase.
Use the following command:

Now that we have the required RPM's installed we can install the LUM component.
From OES CD2, install novell-lum-2.2.0-55.1.i586.rpm
Use the following command:

rpm –Uvh novell-lum-2.2.0-55.1.i586.rpm

All the required components are now installed and we can import the workstation into eDirectory using namconfig.

In order to be able to login to the workstation we need to assign users to this workstation so they are priviliged to authenticate to the workstation. Therefore, we need to have the workstation imported into eDirectory.

To import the workstation we use namconfig.
Use the following command:

What this all means:
-a cn=admin,o=novell. This is the user we are logging in as
-r o=novell. This is the partition root. My test tree only has 1 partition
-w ou=services,o=novell. This is the context where the workstation will be created
-S 172.16.1.200:389. This is the LDAP server we are using
-l 636. This is the secure LDAP port we are using

Make sure that the context where the workstation will be created matches the context where the Unix config checks for workstation. You can check this from iManager | Linux User Management | Modify Linux/Unix Config Object.

Importing the workstation should produce a message like the following:

We are now ready to setup LUM for a user so that we can login, but we'll need to make some changes first.

In order to be able to login in Xwindows we'll need to modify the pluggable authentication module for the XDM service. We can find this file in /etc/pam.d/xdm.
In the same directory is a file called pam_nam_sample. This file contains the 4 lines we need to add to the xdm pam. Copy the content of pam_nam_sample and paste this into file called xdm. If you want to enable this for other services you can modify the appropriate file.

Last thing we need to do is to enable a user for LUM so the user can login to the workstation. For this whole process we'll use iManager.

We've created a group called Lum-Users and made a our user John Doe member of this group. Now we need to enable this group in LUM.
Within Linux User Management | Click Enable groups for linux and select the Lum-Group we've just created.